diff --git a/src/main/java/com/youlai/boot/config/SecurityConfig.java b/src/main/java/com/youlai/boot/config/SecurityConfig.java
index 587c1295..61d7d84c 100644
--- a/src/main/java/com/youlai/boot/config/SecurityConfig.java
+++ b/src/main/java/com/youlai/boot/config/SecurityConfig.java
@@ -34,7 +34,7 @@ import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; /** - * Spring Security 安全配置 + * Spring Security 配置类 * * @author Ray.Hao * @since 2023/2/17
@@ -82,7 +82,7 @@ public class SecurityConfig { // 禁用默认的 Spring Security 特性,适用于前后端分离架构 .sessionManagement(configurer -> - configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 无状态认证,不使用 Session + configurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS) // 无状态认证,不使用 Session ) .csrf(AbstractHttpConfigurer::disable) // 禁用 CSRF 防护,前后端分离无需此防护机制 .formLogin(AbstractHttpConfigurer::disable) // 禁用默认的表单登录功能,前后端分离采用 Token 认证方式
@@ -132,21 +132,28 @@ public class SecurityConfig { return new WechatAuthenticationProvider(userService, wxMaService); } + + /** + * 短信验证码认证 Provider + */ + @Bean public SmsAuthenticationProvider smsAuthenticationProvider() { return new SmsAuthenticationProvider(userService, redisTemplate); } /** - * 手动注入 AuthenticationManager,支持多种认证方式 - * - DaoAuthenticationProvider:用户名密码认证 - * - WeChatAuthenticationProvider:微信认证 + * 认证管理器 */ @Bean - public AuthenticationManager authenticationManager() { + public AuthenticationManager authenticationManager( + DaoAuthenticationProvider daoAuthenticationProvider, + WechatAuthenticationProvider weChatAuthenticationProvider, + SmsAuthenticationProvider smsAuthenticationProvider + ) { return new ProviderManager( - daoAuthenticationProvider(), - weChatAuthenticationProvider(), - smsAuthenticationProvider() + daoAuthenticationProvider, + weChatAuthenticationProvider, + smsAuthenticationProvider ); } }
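Review bot: The new Javadoc on `authenticationManager` (`认证管理器`) no longer says which login methods the manager serves, just as SMS is wired in as a third provider; I would keep a short list, e.g. `/** Authentication manager: username/password (Dao), WeChat and SMS-code providers; each token type is handled by the provider whose supports() accepts it. */`. Switching from method calls to injected parameters also means all three providers have to be registered beans. This hunk adds `@Bean` to `smsAuthenticationProvider()`, but the declarations of `daoAuthenticationProvider()` and `weChatAuthenticationProvider()` start outside the hunk, so confirm they carry `@Bean` too; otherwise the application context will not start.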
diff --git a/src/main/java/com/youlai/boot/core/security/extension/sms/SmsAuthenticationProvider.java b/src/main/java/com/youlai/boot/core/security/extension/sms/SmsAuthenticationProvider.java
index db7fa180..fc71fe37 100644
--- a/src/main/java/com/youlai/boot/core/security/extension/sms/SmsAuthenticationProvider.java
+++ b/src/main/java/com/youlai/boot/core/security/extension/sms/SmsAuthenticationProvider.java
@@ -73,7 +73,7 @@ public class SmsAuthenticationProvider implements AuthenticationProvider { // 构建认证后的用户详情信息 SysUserDetails userDetails = new SysUserDetails(userAuthInfo); - // 创建已认证的 WeChatAuthenticationToken + // 创建已认证的 SmsAuthenticationToken return SmsAuthenticationToken.authenticated( userDetails, userDetails.getAuthorities()
diff --git a/src/main/java/com/youlai/boot/core/security/extension/sms/SmsAuthenticationToken.java b/src/main/java/com/youlai/boot/core/security/extension/sms/SmsAuthenticationToken.java
index 8f1484c7..54cb026c 100644
--- a/src/main/java/com/youlai/boot/core/security/extension/sms/SmsAuthenticationToken.java
+++ b/src/main/java/com/youlai/boot/core/security/extension/sms/SmsAuthenticationToken.java
@@ -60,7 +60,7 @@ public class SmsAuthenticationToken extends AbstractAuthenticationToken { * * @param principal 用户信息 * @param authorities 授权信息 - * @return + * @return SmsAuthenticationToken */ public static SmsAuthenticationToken authenticated(Object principal, Collection authorities) { return new SmsAuthenticationToken(principal, authorities);
diff --git a/src/main/java/com/youlai/boot/shared/auth/controller/AuthController.java b/src/main/java/com/youlai/boot/shared/auth/controller/AuthController.java
index efed422e..c306bdee 100644
--- a/src/main/java/com/youlai/boot/shared/auth/controller/AuthController.java
+++ b/src/main/java/com/youlai/boot/shared/auth/controller/AuthController.java
@@ -75,7 +75,7 @@ public class AuthController { @Operation(summary = "发送登录短信验证码") @PostMapping("/login/sms/code") - public Result sendLoginVerifyCode( + public Result sendLoginVerifyCode( @Parameter(description = "手机号", example = "18812345678") @RequestParam String mobile ) { authService.sendSmsLoginCode(mobile);
@@ -87,7 +87,7 @@ public class AuthController { @Log(value = "短信验证码登录", module = LogModuleEnum.LOGIN) public Result loginBySms( @Parameter(description = "手机号", example = "18812345678") @RequestParam String mobile, - @Parameter(description = "验证码", example = "123456") @RequestParam String code + @Parameter(description = "验证码", example = "1234") @RequestParam String code ) { AuthenticationToken loginResult = authService.loginBySms(mobile, code); return Result.success(loginResult);
diff --git a/src/main/java/com/youlai/boot/shared/auth/service/impl/AuthServiceImpl.java b/src/main/java/com/youlai/boot/shared/auth/service/impl/AuthServiceImpl.java
index 8233248d..c1e850f1 100644
--- a/src/main/java/com/youlai/boot/shared/auth/service/impl/AuthServiceImpl.java
+++ b/src/main/java/com/youlai/boot/shared/auth/service/impl/AuthServiceImpl.java
@@ -53,7 +53,6 @@ public class AuthServiceImpl implements AuthService { private final CodeGenerator codeGenerator; private final SmsService smsService; - private final RedisTemplate redisTemplate; /**
@@ -101,7 +100,7 @@ public class AuthServiceImpl implements AuthService { } /** - * 发送短信验证码 + * 发送登录短信验证码 * * @param mobile 手机号 */
@@ -134,7 +133,7 @@ public class AuthServiceImpl implements AuthService { */ @Override public AuthenticationToken loginBySms(String mobile, String code) { - // 1. 创建用户微信认证的令牌(未认证) + // 1. 创建用户短信验证码认证的令牌(未认证) SmsAuthenticationToken smsAuthenticationToken = new SmsAuthenticationToken(mobile, code); // 2. 执行认证(认证中)
diff --git a/src/main/resources/mapper/system/UserMapper.xml b/src/main/resources/mapper/system/UserMapper.xml
index 0660dbcf..88e103af 100644
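Review bot: `sendLoginVerifyCode` hands the raw `mobile` request parameter straight to `authService.sendSmsLoginCode(mobile)`, and nothing in this hunk validates the number or throttles the call. Because a login code must be requestable before authentication, an unthrottled endpoint can be used to flood a number with messages and run up SMS cost. If the service (outside this hunk) does not already do so, add a format constraint on the parameter, e.g. a `@Pattern` on `mobile` with `@Validated` on the controller, and enforce a resend interval per number and per client. The method body continues outside the hunk.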
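Review bot: The example for `code` in `loginBySms` changes from `123456` to `1234`, which suggests the login code is now four digits, i.e. only 10,000 possible values. With a space that small the login is only safe if failed attempts are counted per mobile number and the stored code is short-lived and invalidated after one successful check or a few failed ones. None of that is visible in this hunk, so confirm that `SmsAuthenticationProvider` enforces it. If nothing requires four digits, keeping six digits is the simpler fix.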
--- a/src/main/resources/mapper/system/UserMapper.xml
+++ b/src/main/resources/mapper/system/UserMapper.xml
@@ -165,7 +165,6 @@ t1.id userId, t1.username, t1.nickname, - t1.PASSWORD, t1.STATUS, t1.dept_id , t3.CODE
@@ -232,7 +231,4 @@ u.id = #{userId} AND u.is_deleted = 0 - - -